VA Sunshine Healthcare Network (VISN 8)

Issue: During a visit to a Veteran's home, a VA Home Based Primary Care employee left two other Veterans' protected health information (PHI) at the home. The caregiver contacted the VA and the VA has recovered the documents. Privacy will further…

Outcome: VA employee counseled and completed VA Privacy and Information Security and Rules of Behavior and Privacy and HIPAA training.Credit monitoring letter mailed to affected Veterans.

Issue: Veteran A was given Veteran B's discharge papers upon discharge. The documents contained Veteran B's full name, full SSN, date of birth, and medical information. Update: 03/18/13:Due to full SSN and medical information being exposed, Veteran B will be sent…

Outcome: The Service Chief notified of incident and informed to have employee(s) at a minimum re-take Privacy and ISO training and to contact HRMS for appropriate disciplinary actions.

Issue: A patient encounter list was faxed to a wrong number. It was faxed to an employee's bank. The employee states that she was trying to fax a document to her bank to have her address changed, but instead she mistakenly…

Outcome: Employee counseled by service.

Issue: Veteran called to report that medical records released to a clinical research company contained 7332 information, which was not authorized with the specific release. Update: 03/18/13:Veteran A will be sent a notification letter.…

Outcome: Release of Information Supervisor has met with and counseled the employee responsible for the release. Security and privacy safeguards (including 7332 information) have been reviewed with the employee. Notification letter was mailed to the Veteran w/apology on 3/25/13.…

Issue: Patient A received an appointment letter in the mail and included with the appointment letter was a letter of the lab results for Patient B from a VA physician. Update: 03/15/13:Patient B will be sent a notification letter.…

Outcome: The mailing of document from the healthcare system has been reviewed to find process improvement opportunities. Recommendations have been addressed and a meeting with the Logistics Supervisor with the healthcare center that may have mis-mailed the letter. A new envelope…

Issue: A VA employee's positive TB test results were emailed to all service supervisors. Update: 03/18/13:The employee will be sent a HIPAA notification letter.05/08/13:This was determined to be non-HITECH reportable by VHA Privacy Office.…

Outcome: Service chief notified of incident and requested at a minimum to have employee sending the list re-take the annual mandatory privacy, information and HIPAA training and to contact Employee Relations for appropriate disciplinary actions. Employee received verbal counseling. The practice…

Issue: A geriatric handoff report containing the protected health information (PHI) of two patients was discovered on the floor of a female rest room. The report was retrieved and brought to the attention of the Privacy Officer (PO) by a female…

Outcome: Geriatric handoff report was retrieved and affected Veterans were notified.

Issue: Veteran A was provided the correct Discharge Note, however the note was mistakenly written in Veteran B's records. Veteran A received Veteran B's name, SSN, date of birth, and protected health information (PHI). Update: 03/14/13:Veteran B will be sent a…

Outcome: Privacy Breach. Svc Chief notified of incident and informed to have employee(s) at a minimum re-take Privacy and ISO training and to contact HRMS for appropriate disciplinary actions. Verbal Counseling.…

Issue: Paperwork that was found in a public restroom in the facility included 3 pages with 55 names and partial SSNs and 1 page with 18 full names and partial SSNs, and 5 consults that contained full names, addresses, DOB and…

Outcome: The Health Tech submitted the information to the Privacy Officer (PO). The PO reported this incident to the Medical Administration Service (MAS) Supervisor to investigate and determine who left this information in the restroom.Notification letters mailed to the veterans -…

Issue: A VA employee accidentally pasted patient information when replying to Sprint notification for discount of her personal cell phone account. The email exchange took place on the employee's VA computer. She states that when she typed in "I Agree", patient…

Outcome: Employee re-trained and asked to exercise more caution when updating data.